$Module remoteip 3 "Return probable IP address based on request headers"
DESCRIPTION
===========
This module is for Varnish Cache what mod_remoteip is for Apache. It
determines the actual client IP address for the connection, using the
useragent IP address list presented by proxies or a load balancer
via the request headers and a preconfigured list of trusted IP
addresses. For example, if your Varnish server works behind a load
balancer or yet another reverse proxy (such as pound or haproxy to
handle the TLS connection), you can use this module to get the real
incoming connection IP address from the **X-Forwarded-For** header.
$Event remoteip_event
$Function VOID init(PRIV_VCL, STRING trusted)
Description
Initializes the module. The **trusted** argument is a string
containing a comma-separated list of IP addresses of hosts which
are trusted to correctly set the value of the **X-Forwarded-For**
header (or other header whose value is used as argument in the
**remoteip.get** call, which is described below). An arbitrary
amount of whitespace is allowed to surround each address.
Each address can be a valid IPv4 or IPv6 address, optionally
followed by a slash and the netmask or netmask length.
$Function STRING get(PRIV_VCL, STRING header)
Description
The **header** argument is the value of the **X-Forwarded-For**
or a similar header, i.e. a comma-delimited list of useragent
IP addresses with optional whitespace around them. The
function scans this list from right to left, comparing each
address with the trusted IP address list, configured with a
prior call to **init**. Processing halts when the IP address
is not found in that list or when the list is exhausted. In
the latter case, the first address from the **header** list is
returned.
EXAMPLE
=======
::

    import remoteip;

    sub vcl_init {
        remoteip.init("192.0.2.1, 127.0.0.0/8");
    }

    sub vcl_recv {
        set req.http.x-real-ip = remoteip.get(req.http.X-Forwarded-For);
        ...
    }
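
A Python model of the right-to-left scan described for **remoteip.get**, added here as an illustration and not the module's own code. It assumes the address at which the scan halts is the one returned (as mod_remoteip does) and that unparsable entries count as untrusted; the function names and header values are constructed for the example.

```python
import ipaddress

# Trusted list taken from the EXAMPLE section above.
TRUSTED = "192.0.2.1, 127.0.0.0/8"


def parse_trusted(trusted):
    """Parse an init()-style string: comma-separated addresses,
    each optionally followed by /netmask or /prefix-length."""
    return [ipaddress.ip_network(item.strip(), strict=False)
            for item in trusted.split(",") if item.strip()]


def is_trusted(addr, networks):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # assumption of this model: garbage is never trusted
    return any(ip.version == net.version and ip in net for net in networks)


def get(header, networks):
    """Scan the header right to left and stop at the first address
    that is not in the trusted list."""
    hops = [h.strip() for h in header.split(",") if h.strip()]
    if not hops:
        return None
    for hop in reversed(hops):
        if not is_trusted(hop, networks):
            return hop  # assumption: the halting address is the result
    return hops[0]      # list exhausted: every hop was trusted


if __name__ == "__main__":
    nets = parse_trusted(TRUSTED)
    # Constructed sample headers (documentation address ranges).
    samples = [
        "203.0.113.7, 192.0.2.1",              # client, then trusted proxy
        "127.0.0.1, 198.51.100.23, 192.0.2.1", # leftmost entry client-supplied
        "127.0.0.1, 192.0.2.1",                # every hop trusted
    ]
    for xff in samples:
        print(f"{xff!r:45} -> {get(xff, nets)}")
```

Because the scan starts at the right, entries a client places at the left of the header are never reached once an untrusted hop is found, so the trusted list should contain only proxies that append to or overwrite the header themselves.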
COPYRIGHT
=========
| Copyright (C) Sergey Poznyakoff
| License GPLv3+: GNU GPL version 3 or later
| <http://gnu.org/licenses/gpl.html>
| This is free software: you are free to change and redistribute it.
| There is NO WARRANTY, to the extent permitted by law.
|